Exposures › CVE-2009-0238
Microsoft Office Excel contains a remote code execution vulnerability that allows attackers to take complete control of a system by opening a specially crafted file.
This unpatched RCE vulnerability in Microsoft Office Excel has been actively exploited in the wild, posing a severe risk to DIB organizations that rely on Office for document handling. The ability to execute arbitrary code via a crafted file enables attackers to bypass security controls and gain full system access, directly violating NIST 800-171 requirements for system integrity and confidentiality. DIB orgs must immediately patch affected systems and implement strict file handling controls to mitigate the risk of exploitation.
Shame score — This is a high-severity RCE vulnerability that has been actively exploited in the wild for years, indicating a significant lapse in Microsoft's patch management and security posture.
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |